Vulnerability in Haydenbleasel Next-forge
CVE-2025-23027
next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.
EPSS: 0.003 (18.3th percentile) — read the EPSS interpretation.
Affected products
- Haydenbleasel Next-forge — versions < 3.0.11
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)